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Art Unit: 2616 

DETAILED ACTION 
Claim Rejections - 35 USC § 112 
The following is a quotation of the second paragraph of 35 U.S. C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

Claims 1, 26, 27, 28, 50, 51 and 62 are rejected under 35 U.S.C. 1 12, second paragraph, 
as being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

Regarding claims 1, 26, 27, 28, 50, 51 and 62, it does not make sense to address on line 
1 "A distributed network security system comprising a network" ; then on line 2 " said network 
comprising distributed security systems". Further, is " at least one host processor" on line 8 
referred to " at least one host processor" on line 4 ? . 

Claim Objections 

Claim 1 is objected to because of the following informalities: "at least one host 
processor" on line 4 is followed by a premature period ".". Appropriate correction is required. 

Double Patenting 

The nonstatutory double patenting rejection is based on a judicially created doctrine 
grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or 
improper timewise extension of the "right to exclude" granted by a patent and to prevent possible 
harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection 
is appropriate where the conflicting claims are not identical, but at least one examined 
application claim is not patentably distinct from the reference claim(s) because the examined 
application claim is either anticipated by, or would have been obvious over, the reference 
claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re 
Goodman, 1 1 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re LongU 759 F.2d 887, 225 
USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re 
VogeU 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 
USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may 
be used to overcome an actual or provisional rejection based on a nonstatutory double patenting 
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ground provided the conflicting application or patent either is shown to be commonly owned 
with this application, or claims an invention made as a result of activities undertaken within the 
scope of a joint research agreement. 

Effective January 1, 1994, a registered attorney or agent of record may sign a terminal 
disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 
3.73(b). 

Claims 9, 34, 40, 45, 55, 58 are provisionally rejected on the ground of nonstatutory 
obviousness-type double patenting as being unpatentable over claims 16, 17, 1 10 of copending 
Applications No. 10/458,855; copending application 10/459,019; 10/459,350; 10/459,349; 
10/459,297 and 10/458,844 respectively. Although the conflicting claims are not identical, they 
are not patentably distinct from each other because the subject matters between claims 9, 34, 40, 
45, 55, 58 of the Application and claims 1, 16, 1 10 of the copending applications 10/458,855; 
10/459,019 10/459,350; 10/459,349; 10/459,297 and 10/458,844 respectively are similar 
comprising a multiprocessor system, each processor has a remote direct memory access with 
mechanism for performing data transfer; IP packet processing; classifying Ip packet; policy 
processor; security processor for performing security operation; and a combination of any of 
foregoing. Even though the security system is not explicitly shown in the claims 16, 17 and 110 
of the copending applications, but each processor in the multiprocessor system is a security 
processor performing security operations. Therefore, it would have been obvious to one skilled 
in the art the multiprocessor system of the copending application is a security system having 
security processors, each with a RDMA capability. 

This is a provisional obviousness-type double patenting rejection because the conflicting 
claims have not in fact been patented. 

Claim Rejections - 35 USC §103 
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The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 9, 34, 40, 45, 55 and 58 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Lee ( US pat. 7,047,561 Bl) in view of Zaumen et al.( US pat. 7,234,003 B2). 

Regarding claims 9, 34, 40, 45, 55 and 58, Lee teaches a security network system (see 
figures 1, firewall 100 restricts access to/from IP network 1 10 against one or more security 
policies) comprising one or more network systems of one or more types ( see fig.l, external IP 
network 120 and Internal Ip network 110). The firewal 100 comprises packet filter 106 ( 
hardware processor) that examine packets at layer-3; layer-4 ( providing multiple layer security; 
see col.4, lines 15-45); and pass the data payload to application layer ( providing transport layer 
protocol processing, col.4, lines 55-60). The packet filter 106 ( hadware processor) follows 
predetermined security rules that specify which types of packets are allowed to pass and which 
types of packets are blocked ( see col.4, lines 40-55; analyzing network traffic for rule matching; 
classifying packets and take actions). Lee does not disclose a hardware processor providing a 
remote direct memory access capability. 

Since applicant describes the claimed remote direct memory access as transfering data 
between two systems over a network ( see Remark, page 25), Therefore, Zaumen et al. discloses 
a Remote direct memory access is used to provide data transfer 310 on data stream 312 between 
data device 106 ( fig.l) and data terminal 1 10 ( see fig.l) via network 108 ( fig.l) ( see fig.3; 
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RDM A is initiated to obtain data from data device 106 to data terminal 110). See col.4, lines 25- 
50. Therefore, it would have been obvious to onr skilled in the art to implement the RDMA 
teaching of transfer data into Lee's teaching in order to control the data transfer across network 
to ensure that authorized data is access through network. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 
35 U.S.C. 102(e)). 

Claims 1, 2, 26, 27, 28, 31, 50, 51, 52 and 62 are rejected under 35 USC 102(e) as being 
anticipated by Bruton, III et al. ( US pat. 7,076,803 B2). 

Regarding claims 1, 26, 27, 28, 50, 51 and 62, Bruton, III et al. disclose a distributed 
network security system comprising a network, said network comprising distributed security 
systems and one or more networked systems of one or more types (see fig.3; a computer system 
detecting intrusion; col. 5; lines 45-50), said distributed security system each ( intrusion detection 
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system ) comprising at least one host processor (comprising a host 310; fig.3; col. 5; lines 52-55 
or a plurality of servers 400a, 400b, 400c in fig.4; col. 7, lines 35-45); a plurality of said 
distributed security systems providing multiple protocol layer security (see fig. 10; inbound 
packet is checks for intrusions at IP layer (block 1015); TCP/UDP layer (block 1040) and 
application layer ( block 1065). See col. 16, line 60 to col. 17, line 35 and comprising a hardware 
processor offloading or accelerating or sharply reducing overhead of transport layer protocol 
processing from at least one host processor of said distributed security systems ( see fig. 1 1, host- 
based intrusion detection is peformed by reducing overhead of instrusion detection) ( col. 17, 
lines 35-40); said hardware processor comprising a protocol processing engine to do transport 
layer protocol processing; or a programmable rule processing engine to analyze network traffic 
for rule matching or taking actions on matched rules or a combination thereof; or a security 
processing engine to do encryption, decryption, authorization or authentication or a combination 
thereof using standard or proprietary security protocols ( see fig.5; col. 10, lines 1-10; layer 
specific intrusion is performed over application layer 555; TCP/UDP layer 560, IP layer 565 
through encryption, decryption); or a packet classification engine to classify the network traffic 
(see fig. 14, block 1405; classifying error detected); or a packet processing engine to perform 
packet processing tasks ( see fig.l 1, block 1 105, if no error detected, complete packet prccessing 
at block 1 125; or if there is an error detected , perform policy active for the error at block 1110). 
See col. 17; lines 35-60. 

In claimss 2, 31 and 52, with the disclosed of Bruton III et al. that there are multiple 
servers 400a, 400b and 400c detecting intrusions including encryption, decryption between the 
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servers as shown in fig.4. Therefore, the network shown in fig.4 comprising combination of the 
servers 400a-400c detecting intrusions makes a storage are network. 

Claims 3-8, 1 1-25, 27, 29, 30, 32, 33, 35-39, 41-44, 46-49, 51, 53, 54, 56, 57, 59-61 are rejected 
because of their dependent on independent claims 1, 2, 9, 26, 28, 31, 34, 40, 45, 50-52, 55, 58 
and 62. 

Response to Arguments 
Applicant's arguments with respect to claims 1-62 have been considered but are moot in 
view of the new ground(s) of rejection. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Beukema et al. ( US pat. 7,1 13,995 Bl); 
Krause et al. (US pat. 7,171 ,484 B 1 ). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Hanh Nguyen whose telephone number is 571 272 3092. The 
examiner can normally be reached on Monday-Thursday from 8:30 to 4:30. The examiner can 
also be reached on alternate 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Lynn Feild, can be reached on 571 272 2092. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
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may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
Hanh Nguyen 





